29 January 2019

Information for site owners: check your DNS settings before February the 1st

The global change in the DNS standard is scheduled for February 1, 2019. The websites that don’t comply with the new standard will become unavailable. According to the estimates of global DNS providers, only 5-10% of the websites are under the threat, but we recommend you to check your domains just in case.

How to check and fix

The changes will affect the following software: Bind, PowerDNS, Knot Resolver and Unbound. Our products use Bind and PowerDNS so we had small research to find out the risk factors for our users. According to the research results, the websites that use outdated OS with Bind released before 8.3 version and Power DNS before 3.0 version will become unavailable from February the 1st.
Make sure that your website is safe. Visit DNS flag day, enter your domain name and click “Test”. If you get a critical errors warning, upgrade your server’s software or contact your system administrator or hosting provider.

We have discovered about 100 servers using ISPmanager at the risk.

  1. ISPmanager 5 Lite using CentOS 6 and PowerDNS,
  2. ISPmanager 5 Business, using any OS and PowerDNS,
  3. DNSmanager 5 using CentOS 6 and PowerDNS.

What’s going on

DNS (domain name system) is a distributed computer system for obtaining information about domains. The DNS protocol was initially launched in the 1980s and received many improvements in 1999 when an enhanced version (EDNS) was released. Both versions of the protocols still work without backward compatibility, which in general has a negative impact on the entire domain system on the Internet.
The servers with outdated DNS version currently ignore the EDNS requests. In such cases, the requester’s side repeats the request using the old DNS Protocol. However, this feature won’t be supported anymore starting from February the 1st. Only the servers upgraded to EDNS will be able to exchange requests.